Subject: Re: rsync-2.6.9 has a remote-user-shell
To: None <tech-pkg@netbsd.org>
From: George Georgalis <george@galis.org>
List: tech-pkg
Date: 10/07/2007 19:42:24

On Sun, Oct 07, 2007 at 06:34:03PM +0100, Adrian Portelli wrote:
>George Georgalis wrote:
>> I've been wondering about this audit-packages message...
>> 
>> Package rsync-2.6.9 has a remote-user-shell vulnerability, see
>> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4091
>> 
>> seems to be around a while. On the rsync list I found a patch.
>> Can someone apply it?
>> 
>> // George
>
>This was fixed about 6 weeks ago by tron@ and the package was bumped to
>2.6.9nb1.  The fix was also pulled up into the stable branch.

oh, okay. it seems my cvs is updated but on several
hosts, pkg_chk -un is not indicating an update is
available. I'll take a closer look Monday.

// George


-- 
George Georgalis, information system scientist <IXOYE><